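<?php
// Admin "Bans" page.
//
// GET  : renders the ban form (optionally pre-filled from ?uid=) followed by a
//        paginated listing of the banlist; timed bans that have run out are
//        purged while the list is being rendered.
// POST : processes the ban form — a user-id ban (ban_ip empty, bans=<id>) or
//        an IP ban (ban_ip set), with an optional duration in minutes.
//
// Everything not defined in this file comes from header.php / functions.php:
// $db (its ->query() results are consumed by mysql_fetch_*/mysql_num_rows, so
// it is taken to return a mysql resource), $table_prefix, $default_style,
// $max_pagination_link, $date_format, $time_difference, $server_time, the
// $l_* language strings, convEnt2(), validateIpAddress(), and an output
// buffer that the <!--TITLE--> substitution at the bottom consumes.
include("header.php");
include("functions.php");

// Only a signed-in session with user_level 1 (admin) may reach this page.
if (empty($_SESSION['signed_in']) || !isset($_SESSION['user_level']) || (int)$_SESSION['user_level'] !== 1) {
    header("location: redirect.php");
    exit; // never keep executing after a redirect header
}

// Escape a value for an HTML text or single-quoted attribute context.
// double_encode=false keeps values that convEnt2() already entity-encoded
// (ban_reason) from being shown as "&amp;lt;" while still neutralising raw
// markup in everything else.
$h = function ($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8', false);
};

// Escape a value for use inside a single-quoted SQL string literal. Values
// compared against numeric columns are cast with (int) instead — escaping
// does nothing for an unquoted operand.
$sq = function ($s) {
    return mysql_real_escape_string((string)$s);
};

// SQL expression for the ban expiry column: $never (the per-call "permanent"
// literal, kept different for the two INSERT shapes below) when no duration
// was submitted, otherwise NOW() shifted by the requested minutes plus the
// configured server/time-zone offsets.
$banExpiry = function ($timeInput, $never) use ($server_time, $time_difference) {
    if ($timeInput === '') {
        return $never;
    }
    $minutes = (int)$timeInput;
    return "NOW() + INTERVAL " . $minutes . " MINUTE + INTERVAL " . $server_time . " MINUTE + INTERVAL " . $time_difference . " HOUR";
};

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // --- Ban form ---------------------------------------------------------
    $uid = "";
    $user_name = "";
    if (isset($_GET['uid'])) {
        $uid = (int)$_GET['uid']; // unquoted numeric operand: cast, do not escape
        $res = $db->query("SELECT user_name FROM " . $table_prefix . "users WHERE user_id = $uid LIMIT 1");
        $un = $res ? mysql_fetch_assoc($res) : false;
        if ($un) {
            $user_name = "Ban user: <div class='hl'><b>" . $h($un['user_name']) . "</b></div><br>";
        }
    }
    $tags = array('{ENTER_UID}', '{ENTER_UIP}', '{BAN_REASON}', '{BAN_TIME}', '{LEAVE_EMPTY}', '{UID}', '{U_NAME}');
    $data = array('Enter UserID', '</b>or ban <b>IP address', 'Ban reason', 'Ban time (minutes)', '(Leave empty for permanent)', $uid, $user_name);
    echo str_replace($tags, $data, file_get_contents("./style/" . $default_style . "/bans.html"));

    // --- Pagination -------------------------------------------------------
    $result = $db->query("SELECT COUNT(*) FROM " . $table_prefix . "banlist");
    $r = $result ? mysql_fetch_row($result) : array(0);
    $numrows = (int)$r[0];
    $rowsperpage = 20; // banned entries per page (20 default)
    $totalpages = (int)ceil($numrows / $rowsperpage);
    if ($totalpages < 1) {
        $totalpages = 1;
    }
    // The page number comes from ?page= only; it is clamped to [1, $totalpages]
    // and drives both the "Page X of Y" label and the LIMIT offset (the
    // previous revision read an undefined $page for those two places).
    $currentpage = (isset($_GET['page']) && is_numeric($_GET['page'])) ? (int)$_GET['page'] : 1;
    $currentpage = max(1, min($currentpage, $totalpages));
    $offset = ($currentpage - 1) * $rowsperpage;
    $range = $max_pagination_link;
    if ($range >= $totalpages) {
        $range = $totalpages;
    }
    // PHP_SELF can echo attacker-chosen path info back; escape it before it
    // lands in an href attribute.
    $self = $h($_SERVER['PHP_SELF']);

    echo "<table><tr>";
    echo '<td align="right" class="pagination"> <b>' . $l_page . ' ' . $currentpage . ' ' . $l_page_of . ' ' . $totalpages . '</b> [' . $numrows . ' ' . $l_maches . ']  &nbsp; &nbsp;';
    if ($currentpage > 1) {
        $prevpage = $currentpage - 1;
        echo " <a title= '$l_first_page' href='{$self}?page=1'><<</a> ";
        echo " <a title='$l_prev_page' href='{$self}?page=$prevpage'><</a> ";
    }
    for ($x = $currentpage - $range; $x <= $currentpage + $range; $x++) {
        if ($x < 1 || $x > $totalpages) {
            continue;
        }
        if ($x === $currentpage) {
            echo " [<b>$x</b>] ";
        } else {
            echo " <a title='$l_goto_page " . $x . "' href='{$self}?page=$x'>$x</a> ";
        }
    }
    if ($currentpage !== $totalpages) {
        $nextpage = $currentpage + 1;
        echo " <a title='$l_next_page' href='{$self}?page=$nextpage'>></a> ";
        echo " <a title='$l_goto_last_page' href='{$self}?page=$totalpages'>>></a> ";
    }
    echo '</td></tr></table>';
    // --- End pagination ---------------------------------------------------

    // --- Ban listing ------------------------------------------------------
    $result = $db->query("SELECT * FROM " . $table_prefix . "banlist ORDER BY ban_id DESC LIMIT $offset, $rowsperpage");
    if (!$result) {
        echo "Error!";
        die;
    }
    if (mysql_num_rows($result) > 0) {
        echo "<br /><table border=1><b>Bans</b><hr /><br />
<tr>
<th style='color:black;height:16px;'>&nbsp;<b>Username</b></th>
<th style='color:black;height:16px;'>&nbsp;<b>IP</b></th>
<th style='color:black;height:16px;'>&nbsp;<b>Email</b></th>
<th style='color:black;height:16px;'>&nbsp;<b>Reason</b></th>
<th style='color:black;height:16px;'>&nbsp;<b>Expire</b></th><th></th></tr>
";
        // "Now" shifted by the configured time-zone offset, computed once.
        $now = strtotime($time_difference . " hours");
        while ($row = mysql_fetch_assoc($result)) {
            $banUserId = (int)$row['ban_userid']; // IP-only bans store '' here, i.e. 0
            $banned = $db->query("SELECT user_name,user_id,user_email,user_ip FROM " . $table_prefix . "users WHERE user_id = $banUserId");
            $row2 = $banned ? mysql_fetch_assoc($banned) : false;
            if (!$row2) {
                // IP-only ban: no user row, every column renders empty.
                $row2 = array('user_name' => '', 'user_id' => '', 'user_email' => '', 'user_ip' => '');
            }

            $permanent = ($row['ban_time'] == "0000-00-00 00:00:00");
            $expiresAt = $permanent ? false : strtotime($row['ban_time']);
            $ban_expired = $permanent ? "<span style='color:red'> &nbsp;Never</span>" : date($date_format, $expiresAt);

            // Lazy expiry: compare timestamps (not formatted strings, which
            // only order correctly for a sortable $date_format) and drop the
            // entry — by user id for user bans, by address for IP bans.
            // NOTE(review): users.is_banned is set on ban below but is not
            // cleared here; confirm unban.php / the login path handles it.
            if ($expiresAt !== false && $now >= $expiresAt) {
                $ban_expired = "Expired";
                if ($row2['user_id'] != "") {
                    $db->query("DELETE FROM " . $table_prefix . "banlist WHERE ban_userid = " . (int)$row2['user_id']) or die(mysql_error());
                } else {
                    $db->query("DELETE FROM " . $table_prefix . "banlist WHERE ban_ip = '" . $sq($row['ban_ip']) . "'") or die(mysql_error());
                }
            }

            // IP-only bans show the banned address in red and link to unban.php
            // with the "-5&unbanip=<ip>" marker the unban page understands.
            if ($row2['user_ip'] == "") {
                $ipCell = "<span style='color:red'>" . $h($row['ban_ip']) . "</span>";
            } else {
                $ipCell = $h($row2['user_ip']);
            }
            if ($row2['user_id'] == "") {
                $linkId = "-5&unbanip=" . rawurlencode($row['ban_ip']);
            } else {
                $linkId = (int)$row2['user_id'];
            }

            echo "<tr>
<td width='150px' height='24px'><b><a href='../user.php?u=" . $h($linkId) . "' TARGET='_blank'>" . $h($row2['user_name']) . "</a></b></td>
<td width='120px'> " . $ipCell . " </td>
<td width='180px'> " . $h($row2['user_email']) . "</td>
<td width='180px'> " . $h($row['ban_reason']) . "</td>
<td width='150px'> " . $ban_expired . "</td>
<td width='150px'>  <a href='unban.php?unban=" . $h($linkId) . "'> <b>[Unban]</b></a></td></tr>";
        }
    }
} else {
    // --- Ban form submission ----------------------------------------------
    // NOTE(review): this handler is authorised by the admin session alone;
    // there is no CSRF token. Add the project's token check here if one exists.
    $postTime = isset($_POST['time']) ? (string)$_POST['time'] : '';
    $ban_ip = isset($_POST['ban_ip']) ? (string)$_POST['ban_ip'] : '';
    // The reason is prepared once so both the user-id and the IP path store it
    // (the IP path previously inserted an unset $banreason). The 'iframe'
    // rewrite is the legacy filter, kept as-is; convEnt2() is the project's
    // entity conversion.
    $banreason = isset($_POST['ban_reason']) ? (string)$_POST['ban_reason'] : '';
    $banreason = str_replace('iframe', '%69%66%72%61%6D%65', $banreason);
    $banreason = convEnt2($banreason);
    $banreasonSql = $sq($banreason);

    if ($ban_ip == "") {
        // Ban by user id.
        $targetId = isset($_POST['bans']) ? (int)$_POST['bans'] : 0;
        $result = $db->query("SELECT user_name,user_id,user_ip,user_email FROM " . $table_prefix . "users WHERE user_id = $targetId");
        $result3 = $db->query("SELECT ban_userid FROM " . $table_prefix . "banlist WHERE ban_userid = $targetId");

        if (!$result) {
            echo "<div align='center'>Wrong userID<br /><br /><a href='bans.php'>Back to previous page</a></div>";
        } else {
            $row2 = $result3 ? mysql_fetch_assoc($result3) : false;
            $row = mysql_fetch_assoc($result);
            echo "<br>";
            $alreadyBanned = $row && $row2 && (int)$row['user_id'] === (int)$row2['ban_userid'];
            if (!$row || $alreadyBanned) {
                echo "<div align='center'>User already banned or unknown user!<br /><br /><a href='bans.php'>Back to previous page</a></div>";
            } elseif ($targetId === 1) {
                // Account 1 is protected from being banned.
                echo "<div align='center'>You can't ban that user!<br /><br /><a href='bans.php'>Back to previous page</a></div>";
            } else {
                $ban_timestr = ($postTime === '') ? "" : "(" . (int)$postTime . " minutes)";
                $bantime = $banExpiry($postTime, "0");
                $userId = (int)$row['user_id'];

                $result2 = $db->query("INSERT INTO " . $table_prefix . "banlist(ban_userid,ban_ip,ban_email,ban_reason,ban_time) VALUES('" . $userId . "','" . $sq($row['user_ip']) . "','" . $sq($row['user_email']) . "','" . $banreasonSql . "',$bantime)");
                $db->query("UPDATE " . $table_prefix . "users SET is_banned = 1 WHERE user_id = $userId");
                if ($result2) {
                    echo "<div align='center'>User <b>" . $h($row['user_name']) . "</b> (ID:" . $userId . ")  has been banned! " . $ban_timestr . "<br /><br /><a href='bans.php'>Back to previous page</a></div>";
                }
            }
        }
    } else {
        // Ban by IP address.
        if (validateIpAddress($ban_ip)) {
            $ipSql = $sq($ban_ip);
            $ipHtml = $h($ban_ip);
            $bantime = $banExpiry($postTime, "'0000-00-00 00:00:00'");
            $insert = "INSERT INTO " . $table_prefix . "banlist(ban_ip,ban_reason,ban_time,ban_userid) VALUES('" . $ipSql . "','" . $banreasonSql . "'," . $bantime . ",'')";

            $result = $db->query("SELECT ban_ip,ban_userid FROM " . $table_prefix . "banlist WHERE ban_ip = '" . $ipSql . "'");
            if ($result && mysql_num_rows($result) != 0) {
                echo "<div align='center'>IP already banned!<br /><br /><a href='bans.php'>Back to previous page</a></div>";
                $row = mysql_fetch_assoc($result);
                // The existing entry is a *user* ban that carries this IP; a
                // standalone IP ban is added alongside it (existing behaviour).
                if ($row['ban_userid'] != 0) {
                    $result = $db->query($insert);
                    if ($result) {
                        echo "<br /><div align='center'>Address <b>" . $ipHtml . "</b> has been banned!<br /><br />";
                    }
                }
            } else {
                $result = $db->query($insert);
                if ($result) {
                    echo "<div align='center'>Address <b>" . $ipHtml . "</b> has been banned!<br /><br /><a href='bans.php'>Back to previous page</a></div>";
                }
            }
        } else {
            // The address failed validation, so it is arbitrary input: escape it.
            echo "<div align='center'><font color='red'>IP address <b>" . $h($ban_ip) . "</b> is not valid!<br /><br /><a href='bans.php'>Back to previous page</a></font></div>";
        }
    }
}

// The output buffer is assumed to have been started by header.php; the page
// body is captured and the layout's title placeholder filled in.
$pageTitle = "Bans";
$pageContents = ob_get_contents();
ob_end_clean();
echo str_replace('<!--TITLE-->', $pageTitle, $pageContents);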